GHSA-w228-rfpx-fhm4: cg vulnerable to an Open Redirect Vulnerability on Referer Header

April 23, 2024

A vulnerability has been discovered in the handling of the referrer header in the application, which could allow an attacker to conduct open redirects. The issue arises from improper validation of the referrer header in certain conditions. By manipulating the referrer header, an attacker could potentially redirect users to malicious websites, phishing pages, or other dangerous destinations.

References

github.com/Clinical-Genomics/cg
github.com/Clinical-Genomics/cg/blob/master/cg/server/invoices/views.py
github.com/Clinical-Genomics/cg/commit/96e6a968a5a3639cc40ad251ad65952e4f38dd25
github.com/Clinical-Genomics/cg/security/advisories/GHSA-w228-rfpx-fhm4
github.com/advisories/GHSA-w228-rfpx-fhm4

Detect and mitigate GHSA-w228-rfpx-fhm4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →